QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2026-24933

Back to search

CVE-2026-24933

Published: Feb 3, 2026

Modified: Feb 3, 2026

PUBLISHED

Description

The API communication component fails to validate the SSL/TLS certificate when sending HTTPS requests to the server. An improper certificates validation vulnerability allows an unauthenticated remote attacker can perform a Man-in-the-Middle (MitM) attack to intercept the cleartext communication, potentially leading to the exposure of sensitive user information, including account emails, MD5 hashed passwords, and device serial numbers. Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.ROF1 as well as from ADM 5.0.0 through ADM 5.1.1.RCI1.

VendorProductVersions

ASUSTOR

ADM

affected
4.1.0 - <= 4.3.3.ROF1
affected
5.0.0 - <= 5.1.1.RCI1

Weaknesses (CWE)

CWE-295

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now